Show Notes: linuxunplugged.com/457

The post Automated Chaos | LINUX Unplugged 457 first appeared on Jupiter Broadcasting.

Show Notes: linuxactionnews.com/163

The post Linux Action News 163 first appeared on Jupiter Broadcasting.

Show Notes: linuxunplugged.com/333

The post Linux Wayback Machine | LINUX Unplugged 333 first appeared on Jupiter Broadcasting.

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Exclusive: Microsoft responded quietly after detecting secret database hack in 2013

• Microsoft Corp’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago, according to five former employees, in only the second known breach of such a corporate database.

• The company did not disclose the extent of the attack to the public or its customers after its discovery in 2013, but the five former employees described it to Reuters in separate interviews. Microsoft declined to discuss the incident.

How I Socially Engineer Myself Into High Security Facilities

• A few months ago, a client had hired me to test two of their facilities. A manufacturing plant, plus data center and office building nearby.

• I scour profiles of employees who work at these facilities, and cross-reference them to other social media sites.

• This is not an advanced investigation. I’m not a private investigator and I don’t have the resources of the NSA. But I can do a lot of damage with simple methods.

• X could have saved the company a lot of heartache by simply verifying that I was who I claimed to be.

• I’ve been doing this job for a couple years now, and almost every job is a variant of this story. Very rarely do I go through an entire assessment without some sort of social engineering.

Crippling crypto weakness opens millions of smartcards to cloning

• Yubico not aware of any security breaches due to this issue

Millions of smartcards in use by banks and large corporations for more than a decade have been found to be vulnerable to a crippling cryptographic attack. That vulnerability allows hackers to bypass a wide range of protections, including data encryption and two-factor authentication.

At this time, we are not aware of any security breaches due to this issue. We are committed to always improving how we protect our customers and continuously invest in making our products even more secure.

Feedback

• Workaround for the WPA2 exploit – from Jonathan

• SNAPs for… Windows?

• Server Layout for Linux System with LXC – There is an interesting project kind of related to this idea called CloudABI – CloudABI for FreeBSD

• IT Land before time COMPUTERS THAT NEVER WERE Software Emulator for the Cardboard Illustrative Aid to Computationn

Round Up:

• Android getting “DNS over TLS” support to stop ISPs from knowing what websites you visit

• Mercedes handles the competition because it knows how to handle data, too

• IT TAKES JUST $1,000 TO TRACK SOMEONE’S LOCATION WITH MOBILE ADS

• Encryption chip flaw afflicts huge number of computers

• Canada’s ‘super secret spy agency’ is releasing a malware-fighting tool to the public

• Writing a Bootloader Part 1

The post Cloudy with a chance of ABI | TechSNAP 342 first appeared on Jupiter Broadcasting.

We share our early experiences with virtualization, then show you how Linux’s built-in enterprise grade virtualization curb stomps some commercial options. The discussion wraps up with examples of awesome hardware passthrough, and the major shift Linux has made possible.

PLUS: Chromebooks outsell Macs, the sad story of an important project fading away, the big choice facing Fedora & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | OGG Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Brought to you by: Linux Academy

Virtualization

• Eddie Asks

libvirt

Libvirt is collection of software that provides a convenient way to manage virtual machines and other virtualization functionality, such as storage and network interface management. These software pieces include a long term stable C API, a daemon (libvirtd), and a command line utility (virsh). A primary goal of libvirt is to provide a single way to manage multiple different virtualization providers/hypervisors, such as the KVM/QEMU, Xen, LXC, OpenVZ or VirtualBox hypervisors

Virtual Machine Manager Home

The virt-manager application is a desktop user interface for managing virtual machines through libvirt. It primarily targets KVM VMs, but also manages Xen and LXC (linux containers). It presents a summary view of running domains, their live performance & resource utilization statistics. Wizards enable the creation of new domains, and configuration & adjustment of a domain’s resource allocation & virtual hardware. An embedded VNC and SPICE client viewer presents a full graphical console to the guest domain.

Boxes – GNOME Wiki!

UEFI in Virutal Machines, Meet OVMF

OVMF is an EDK II based project to enable UEFI support for Virtual Machines. OVMF contains a sample UEFI firmware for QEMU and KVM.

Using CPU host-passthrough with virt-manager

Since host-passthrough is the only reliably way to expose the full capabilities of the host CPU to the VM, users regularly want to enable it.

• Qemu OVMF PCI Passthrough stopped booting after most recent update / Applications & Desktop Environments

unraid – Virtualization Host

• 7 Gamers, 1 CPU – Ultimate Virtualized Gaming Build Log – YouTube

In our case, we created 7 discrete gaming systems capable of running concurrently and completely independently of each other – all running in a single tower.

• 8 (or is it 10?) Gamers, 1 CPU – Taking it to the Next Level! – YouTube

Another $30,000 worth of computer hardware.. But can it power TEN gaming rigs this time??

Proxmox – Powerful Open Source Server Solutions

• Storage: ZFS – Proxmox

How To

Server

• yum install kvm qemu-kvm python-virtinst libvirt libvirt-python virt-manager libguestfs-tools

• chkconfig libvirtd on

• service libvirtd start

• yum install bridge-utils

• Open Virt-Manager > click + > Bridge > br0 > Start Mode: onboot > Activate Now > Check eth0

Client

• Install virt-manager

— PICKS —

Runs Linux

The NVIDIA DGX-1 Deep Learning System, Runs Linux

• GTC 2016 NVIDIA DGX 1, World’s First Deep Learning Supercomputer part 7 – YouTube

Desktop App Pick

Netdata – Real-Time Performance Monitoring

netdata is a highly optimized Linux daemon providing real-time performance monitoring for Linux systems, Applications, SNMP devices, over the web !

• nethogs: Linux ‘net top’ tool

NetHogs is a small ‘net top’ tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process.

Spotlight

systemd GUI: systemd-manager

This application exists to allow the user to manage their systemd services via a GTK3 GUI. Not only are you able to make changes to the enablement and running status of each of the units, but you will also be able to view and modify their unit files, check the journal logs. In addition, systemd analyze support is available to display the time it takes for systemd to boot the system.

Patrons watch the full live version of LAS

• LAS 418 FULL LIVE STREAM

— NEWS —

Chromebooks outsold Macs for the first time in the US

Google’s low-cost Chromebooks outsold Apple’s range of Macs for the first time in the US recently. While IDC doesn’t typically break out Windows vs. Chromebook sales, IDC analyst Linn Huang confirmed the milestone to The Verge. “Chrome OS overtook Mac OS in the US in terms of shipments for the first time in 1Q16,” says Huang. “Chromebooks are still largely a US K-12 story.”

• lykwydchykyn comments echo Chris’ thoughts perfectly

Fedora just missed rebasing on the goodness that is Linux 4.6

• Fedora 24 ships June 14, 2016

And because of that, it looks like Linux kernel 4.6 will not be the default for the Fedora 24 operating system, which will ship in less than a month, on June 14, 2016, with the latest maintenance release of the Linux 4.5 kernel series. However, the chances are that Linux kernel 4.6 will be shortly released to the stable channels for users to upgrade their current kernel after Fedora 24’s official release.

Linux kernel 4.6 was announced by Linus Torvalds on May 15, 2016. It promises to offer users a new distributed file system, OrangeFS, support for the USB 3.1 SuperSpeed Plus (SSP) protocol, Out Of Memory task killer reliability improvements, support for Intel Memory protection keys, the Kernel Connection Multiplexor, as well as 802.1AE MAC-level encryption (MACsec) support.

Moreover, Linux kernel 4.6 ships with support for the BATMAN V protocol, an online inode checker for the OCFS2 file system, dma-buf, support for cgroup namespaces, and support for the pNFS SCSI layout. The first GNU/Linux distributions to adopt the Linux 4.6 kernel branch are Gentoo, Arch Linux, and SparkyLinux, and openSUSE Tumbleweed should join them in the coming weeks.

lm-sensors project dead?

It’s been a year since the last LM-Sensors release and the project isn’t as vibrant or active as it once was while the project site has been down for a while now and it doesn’t appear to be coming back.

Mattermost continues to bring the heat to Slack

Mattermost 3.0 offers a long awaited features: multi-team accounts, Japanese language translation, and full width display, plus upgrades to apps for iOS, Android, Windows, Linux and Mac, emojis, and we have new integrations for Outlook, Ruby & Rust.

Introducing Mycroft Core – Mycroft

We are pleased to announce that Mycroft Core 0.6 Alpha is available for download today. Mycroft Core is a lightweight, portable piece of software written in Python. You can run it on anything from a Raspberry Pi to a gaming rig.

Mail Bag

• https://slexy.org/view/s26VoSpJhR

• Why screen lockers on X11 cannot be secure – Martin’s Blog

• Circumventing Ubuntu Snap confinement
• xorg – Why is X11 a security risk in servers? – Ask Ubuntu
• X11 is horribly insecure, each subuser should get its own X11 server in a container. · Issue #31 · subuser-security/subuser · GitHub

• The Wayland Situation: Facts About X vs. Wayland – Phoronix

• https://slexy.org/view/s2kxsRnQk5

Call Box

• Chris’ call out for the community to help him with his background

Catch the show LIVE SUNDAY:

• Noon Pacific
• https://jblive.tv
• Network Calendar

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

• Chris
• Noah J. Chelliah
• Jupiter Broadcasting’s Page

Find us on Twitter

• Chris – ChrisLAS
• Noah – Kernellinux

Follow us on Facebook

• Jupiter Broadcasting on Facebook
• Noah – Kernellinux

The post Virtualization Revelation | LAS 418 first appeared on Jupiter Broadcasting.

This week on the show, we’ll be talking with Peter Toth. He’s got a jail management system called “iocage” that’s been getting pretty popular recently. Have we finally found a replacement for ezjail? We’ll see how it stacks up.

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

FreeBSD on Olimex RT5350F-OLinuXino

• If you haven’t heard of the RT5350F-OLinuXino-EVB, you’re not alone (actually, we probably couldn’t even remember the name if we did know about it)
• It’s a small board with a MIPS CPU, two ethernet ports, wireless support and… 32MB of RAM
• This blog series documents installing FreeBSD on the device, but it is quite a DIY setup at the moment
• In part two of the series, he talks about the GPIO and how you can configure it
• Part three is still in the works, so check the site later on for further progress and info

The modern OpenBSD home router

• In a new series of blog posts, one guy takes you through the process of building an OpenBSD-based gateway for his home network
• “It’s no secret that most consumer routers ship with software that’s flaky at best, and prohibitively insecure at worst”
• Armed with a 600MHz Pentium III CPU, he shows the process of setting up basic NAT, firewalling and even getting hostap mode working for wireless
• This guide also covers PPP and IPv6, in case you have those requirements
• In a similar but unrelated series, another user does a similar thing – his post also includes details on reusing your consumer router as a wireless bridge
• He also has a separate post for setting up an IPSEC VPN on the router

NetBSD at Open Source Conference 2015 Kansai

• The Japanese NetBSD users group has teamed up with the Kansai BSD users group and Nagoya BSD users group to invade another conference
• They had NetBSD running on all the usual (unusual?) devices, but some of the other BSDs also got a chance to shine at the event
• Last time they mostly had ARM devices, but this time the centerpiece was an OMRON LUNA88k
• They had at least one FreeBSD and OpenBSD device, and at least one NetBSD device even had Adobe Flash running on it
• And what conference would be complete without an LED-powered towel

OpenSSH 7.0 released

• The OpenSSH team has just finished up the 7.0 release, and the focus this time is deprecating legacy code
• SSHv1 support is disabled, 1024 bit diffie-hellman-group1-sha1 KEX is disabled and the v00 cert format authentication is disabled
• The syntax for permitting root logins has been changed, and is now called “prohibit-password” instead of “without-password” (this makes it so root can login, but only with keys) – all interactive authentication methods for root are also disabled by default now
• If you’re using an older configuration file, the “without-password” option still works, so no change is required
• You can now control which public key types are available for authentication, as well as control which public key types are offered for host authentications
• Various bug fixes and documentation improvements are also included
• Aside from the keyboard-interactive and PAM-related bugs, this release includes one minor security fix: TTY permissions were too open, so users could write messages to other logged in users
• In the next release, even more deprecation is planned: RSA keys will be refused if they’re under 1024 bits, CBC-based ciphers will be disabled and the MD5 HMAC will also be disabled

Interview – Peter Toth – peter.toth198@gmail.com / @pannonp

Containment with iocage

News Roundup

More c2k15 reports

• A few more hackathon reports from c2k15 in Calgary are still slowly trickling in
• Alexander Bluhm’s up first, and he continued improving OpenBSD’s regression test suite (this ensures that no changes accidentally break existing things)
• He also worked on syslogd, completing the TCP input code – the syslogd in 5.8 will have TLS support for secure remote logging
• Renato Westphal sent in a report of his very first hackathon
• He finished up the VPLS implementation and worked on EIGRP (which is explained in the report) – the end result is that OpenBSD will be more easily deployable in a Cisco-heavy network
• Philip Guenther also wrote in, getting some very technical and low-level stuff done at the hackathon
• His report opens with “First came a diff to move the grabbing of the kernel lock for soft-interrupts from the ASM stubs to the C routine so that mere mortals can actually push it around further to reduce locking.” – not exactly beginner stuff
• There were also some C-state, suspend/resume and general ACPI improvements committed, and he gives a long list of random other bits he worked on as well

FreeBSD jails, the hard way

• As you learned from our interview this week, there’s quite a selection of tools available to manage your jails
• This article takes the opposite approach, using only the tools in the base system: ZFS, nullfs and jail.conf
• Unlike with iocage, ZFS isn’t actually a requirement for this method
• If you are using it, though, you can make use of snapshots for making template jails

OpenSSH hardware tokens

• We’ve talked about a number of ways to do two-factor authentication with SSH, but what if you want it on both the client and server?
• This blog post will show you how to use a hardware token as a second authentication factor, for the “something you know, something you have” security model
• It takes you through from start to finish: formatting the token, generating keys, getting it integrated with sshd
• Most of this will apply to any OS that can run ssh, and the token used in the example can be found online for pretty cheap too

LibreSSL 2.2.2 released

• The LibreSSL team has released version 2.2.2, which signals the end of the 5.8 development cycle and includes many fixes
• At the c2k15 hackathon, developers uncovered dozens of problems in the OpenSSL codebase with the Coverity code scanner, and this release incorporates all those: dead code, memory leaks, logic errors (which, by the way, you really don’t want in a crypto tool…) and much more
• SSLv3 support was removed from the “openssl” command, and only a few other SSLv3 bits remain – once workarounds are found for ports that specifically depend on it, it’ll be removed completely
• Various other small improvements were made: DH params are now 2048 bits by default, more old workarounds removed, cmake support added, etc
• It’ll be in 5.8 (due out earlier than usual) and it’s in the FreeBSD ports tree as well

Feedback/Questions

• James writes in
• Stuart writes in

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• BSD Now tshirts are now available to preorder, and will be shipping in September (you have until the end of August to place an order, then they’re gone)
• Next week’s episode will be a shorter prerecorded one, since Allan’s going to BSDCam

The post May Contain ZFS | BSD Now 102 first appeared on Jupiter Broadcasting.

Linux Containers offer functionally similar to FreeBSD’s Jails and OpenVZ, but have remained mostly outside the reach for casual users. Today we’ll show you how Docker can get you up and running with some of the most powerful technology available for Linux today, in minutes.

Then – We run down the big distro releases, debate of Ubuntu is the OS X of Linux, answer some of your great question…

AND SO MUCH MORE!

All this week on, The Linux Action Show!

Thanks to:

GoDaddy.com Use our code linux249 to score .COM for just $2.49! 32% off your ENTIRE order just use our code go32off2 until the end of the month!
Ting.com Visit las.ting.com to save $25 off your device or service credits.

Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | Ogg Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Feed | Ogg Feed | iTunes Feeds | Torrent Feed

Support the Show: